public-key local create
Use public-key local create to create local key pairs.
Syntax
In non-FIPS mode:
public-key local create { dsa | ecdsa [ secp192r1 | secp256r1 | secp384r1 ] | rsa } [ name key-name ]
In FIPS mode:
public-key local create { dsa | ecdsa [ secp256r1 | secp384r1 ] | rsa } [ name key-name ]
Default
No local key pairs exist.
Views
System view
Predefined user roles
network-admin
Parameters
dsa: Specifies the DSA key pair type.
ecdsa: Specifies the ECDSA key pair type.
• secp192r1: Uses the secp192r1 curve to create a 192-bit ECDSA key pair. The secp192r1
curve is used by default in non-FIPS mode.
• secp256r1: Uses the secp256r1 curve to create a 256-bit ECDSA key pair. The secp256r1
curve is used by default in FIPS mode.
• secp384r1: Uses the secp384r1 curve to create a 384-bit ECDSA key pair.
rsa: Specifies the RSA key pair type.
name key-name: Assigns a name to the key pair. The key-name argument is a case-insensitive
string of 1 to 64 characters. Valid characters are letters, digits, and hyphens (-). If you do not assign
a name to the key pair, the key pair takes the default name.
Table 55 Default local key pair names
RSA:
• Host key pair: hostkey
• Server key pair: serverkey
DSA: dsakey
ECDSA: ecdsakey
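An added example, not part of the original command reference: a Python check that validates public-key local create lines from a provisioning template against the syntax, per-mode curve defaults, key-name rules, and Table 55 default names above. The function name check_create and the sample lines are hypothetical, and keywords are assumed to be written in full and in lowercase.

```python
import re

# Curves accepted per mode, taken from the Syntax section of this page.
CURVES = {False: ("secp192r1", "secp256r1", "secp384r1"),
          True: ("secp256r1", "secp384r1")}
DEFAULT_CURVE = {False: "secp192r1", True: "secp256r1"}
# Default names from Table 55 (RSA has a host and a server key pair).
DEFAULT_NAMES = {"rsa": ("hostkey", "serverkey"), "dsa": ("dsakey",), "ecdsa": ("ecdsakey",)}
KEY_NAME = re.compile(r"[A-Za-z0-9-]{1,64}")  # letters, digits, hyphens; 1 to 64 chars


def check_create(line, fips):
    """Validate one 'public-key local create' line; return (info, errors)."""
    tokens = line.split()
    if tokens[:3] != ["public-key", "local", "create"] or len(tokens) < 4:
        return None, ["not a complete public-key local create command"]
    algo, rest, errors = tokens[3], tokens[4:], []
    if algo not in DEFAULT_NAMES:
        return None, [f"unknown key pair type: {algo}"]
    info = {"type": algo, "curve": None, "names": DEFAULT_NAMES[algo]}
    if algo == "ecdsa":
        info["curve"] = DEFAULT_CURVE[fips]  # the default curve differs by mode
        if rest and rest[0] != "name":
            curve = rest.pop(0)
            info["curve"] = curve
            if curve not in CURVES[fips]:
                errors.append(f"curve {curve} not accepted in {'FIPS' if fips else 'non-FIPS'} mode")
    if rest:
        if rest[0] != "name" or len(rest) != 2:
            errors.append(f"unexpected arguments: {' '.join(rest)}")
        elif not KEY_NAME.fullmatch(rest[1]):
            errors.append(f"invalid key-name: {rest[1]!r}")
        else:
            info["names"] = (rest[1].lower(),)  # key names are case-insensitive
    return info, errors


# Constructed sample lines, as they might appear in a provisioning template.
SAMPLE = [
    "public-key local create rsa",
    "public-key local create ecdsa secp192r1 name Mgmt-SSH",
    "public-key local create ecdsa name bad_name",
]

if __name__ == "__main__":
    for line in SAMPLE:
        for fips in (False, True):
            print("FIPS" if fips else "non-FIPS", "|", line, "->", check_create(line, fips))
```

Running the same template through both modes shows which lines would be rejected, or would silently pick a different default curve, after a device is switched to FIPS mode.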
Usage guidelines
The key algorithm must match the algorithm that the security application requires.
When you create an RSA or DSA key pair, enter an appropriate key modulus length at the prompt.
A longer key modulus provides higher security but takes longer to generate.
When you create an ECDSA key pair, choose the appropriate elliptic curve. The elliptic curve
determines the ECDSA key length. A longer key provides higher security but takes longer to
generate.
See Table 56 for more information about key modulus lengths and key lengths.